redirect to malicious url

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Oct 10, 2014 4:35 am

redirect to malicious url

Post by a-g » Fri Oct 10, 2014 5:52 am

I have a problem with loading site, it is too slow and i found site letcaro.x24 that load in my web site and i don't know where is it. in view page source it is :<script src="//letcaro. x24hr. com/js/couter.js?ver=1.2.7" type="text/javascript"></script>
website in mobile often redirect to another sites, but in another devices only in loading the letcaro come but load the site with delay.
I didn't find where is the code relating to letcaro.
the fpa report is : [removed]
please help us it is too complex for me
Last edited by mandville on Wed Oct 15, 2014 10:30 am, edited 3 times in total.
Reason: retitled no urls in post title. broke link

User avatar
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 171
Joined: Thu Dec 09, 2010 9:52 am
Location: United States

Re: redirect to

Post by cmshelplive » Wed Oct 15, 2014 9:28 am

Your site seems to have security concerns.

Start here:

Keeping Joomla, and corresponding site elements upgraded always helps your site to stay clean.
Joomla Forum Support | CMSHelpLive
Support Site:

User avatar
Joomla! Master
Joomla! Master
Posts: 14921
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: redirect to malicious url

Post by mandville » Wed Oct 15, 2014 10:31 am

Reload site from backup and follow the fpa instructions properly
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Nov 27, 2014 3:57 pm

Re: redirect to malicious url

Post by peter_sucuri » Thu Nov 27, 2014 4:04 pm

Hi there,

maybe you already fixed this problem, but just in case. Right now, I'm researching similar/same issue for one of our clients and I recommend checking following files:


In the case I'm working on, these files were infected and the malicious script was loaded exactly from the head.php - search for $document->_scripts[gzuncompress(base64_decode('eJzT1.. etc. Maybe on your site, it will be in other file, but at least you might know what to focus on.

Good luck!

Peter Gramantik
Sr. Malware Researcher | Sucuri, Inc.



Return to “Security in Joomla! 2.5”